2 of 5 Evaluating The Cost Of A DDoS Attack
INTERNET
PERFORMANCE.
DELIVERED.
WHITEPAPER
Evaluating The Cost Of A DDoS Attack
Businesses that choose to not protect their infrastructure don't just run the risk of a DDoS attack; they put out
a welcome mat for attackers. DDoS attacks are becoming more sophisticated and destructive, and are on the
rise. In a Ponemon Institute study, 65 percent of organizations had an average of three DDoS attacks between
September 2011 and September 2012, costing each of these companies an estimated average of $3.5 million in
downtime.
1
In the same survey, 71 percent of respondents realize that anti-DoS/DDoS defenses specifically are important or
very important.
2
But just how important are they to you? It should depend on what you're protecting. What's
the cost of an hour of downtime to you, both in dollars and in value that doesn't easily carry a price tag like
productivity or reputation? Your answers should determine the level of protection you need.
Considering The Cost Of Downtime
You are under siege and your website is down, transactions aren't processing or your your email won't send.
Calculating potential loss is an imperfect science, but it's important to consider all of the aspects impacted by
preventable downtime and the effects it has on your operations.
Potential Sales Lost
If you have an ecommerce website, it may handle a significant amount of your business transactions. Also, if you
have an ecommerce business, your website represents all of your sales. A DDoS attack could devastate revenue,
particularly if your site becomes unavailable during peak traffic or transaction times.
Top ecommerce companies experience on average a loss of $1 million for every minute of downtime. In 2012, 476
of these top sites collectively experienced a revenue loss of $1.8 billion. While this number reflects losses from
downtime due to multiple factors, it shows just how costly just a few hours of downtime can be, whether caused
by a DDoS attack or not.
It's also important to take into account the average and potential downtime when considering your possible
revenue loss. The Ponemon study identified the average amount of downtime following a DDoS attack as 54
minutes.
4
However attacks exceeding 12 and even 24 hours are common.
1,102,919
total minutes
of downtime
3,421
average minutes
per company
$866,038,469
in total
lost revenue
$1,890,913
average lost
per company
3
2012:TOP ECOMMERCE SITES
GET HIT HARD BY DOWNTIME